[145495] in cryptography@c2.net mail archive


Re: A mighty fortress is our PKI, Part II

daemon@ATHENA.MIT.EDU (Alexandre Dulaunoy)
Thu Jul 29 09:37:56 2010

In-Reply-To: <20100729010928.GJ566@oracle.com>
Date: Thu, 29 Jul 2010 10:50:10 +0200
From: Alexandre Dulaunoy <a@foo.be>
To: Nicolas Williams <Nicolas.Williams@oracle.com>
Cc: cryptography@metzdowd.com

On Thu, Jul 29, 2010 at 3:09 AM, Nicolas Williams
<Nicolas.Williams@oracle.com> wrote:

> This is a rather astounding misunderstanding of the protocol. An
> OCSPResponse does contain unauthenticated plaintext[*], but that
> plaintext says nothing about the status of the given certificates -- it
> only says whether the OCSP Responder was able to handle the request. If
> a Responder is not able to handle requests it should respond in some
> way, and it may well not be able to authenticate the error response,
> thus the status of the responder is unauthenticated, quite distinctly
> from the status of the certificate, which is authenticated. Obviously
> only successful responses are useful.

I agree on this, but the implementation of OCSP has to deal with
all "non definitive" (to take the wording of the RFC) answers. That's
where the issue is. All the "exception cases" mentioned in 2.3 are
unauthenticated, and it seems rather difficult to provide an authenticated
scheme for that part, as you already mentioned in [*].

That's why malware authors are already adding fake entries for OCSP
servers in the hosts file... simple and efficient.

I just wanted to raise the point that a model like PKI, relying on a complex
scheme for security, will easily fail at the obvious, as the attacker
often chooses the shortest/fastest path to reach his goal.


> [*] It's not generally possible to avoid unauthenticated plaintext
>     completely in cryptographic protocols. The meaning of a given bit
>     of unauthenticated plaintext must be taken into account when
>     analyzing a cryptographic protocol.

-- 
--                 Alexandre Dulaunoy (adulau) -- http://www.foo.be/
--                                 http://www.foo.be/cgi-bin/wiki.pl/Diary
--          "Knowledge can create problems, it is not through ignorance
--                                 that we can solve them" Isaac Asimov
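The exchange above turns on which part of an OCSPResponse is signed: only the BasicOCSPResponse carried inside a "successful" response is authenticated, while the outer responseStatus (tryLater, internalError, unauthorized, ...) is plain DER that anyone answering on the responder's address can produce. The following Python is an added example, not code from either poster or from any OCSP library: it parses just that outer envelope (RFC 2560 section 4.2.1) with a small hand-written DER reader and applies a fail-closed policy, so that every non-definitive answer is reported as "undetermined" rather than being silently treated as "good". The two sample responses are constructed inline; the three-byte OCTET STRING standing in for a real signed BasicOCSPResponse is a placeholder, and verifying that inner structure is out of scope here.

```python
"""Parse the unauthenticated OCSPResponse envelope and fail closed on it.

Added example; the sample DER below is constructed for illustration.
"""
from dataclasses import dataclass
from typing import Optional, Tuple

# OCSPResponseStatus values from RFC 2560 (4 is deliberately unused there).
RESPONSE_STATUS = {
    0: "successful", 1: "malformedRequest", 2: "internalError",
    3: "tryLater", 5: "sigRequired", 6: "unauthorized",
}
# id-pkix-ocsp-basic = 1.3.6.1.5.5.7.48.1.1, DER-encoded OID content bytes.
ID_PKIX_OCSP_BASIC = bytes.fromhex("2b0601050507300101")


def _read_tlv(buf: bytes, pos: int) -> Tuple[int, bytes, int]:
    """Return (tag, value, next_pos) for the DER TLV starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short-form length
        length = first
    else:                                 # long-form length, 1..4 bytes
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:end], end


@dataclass
class OcspEnvelope:
    status: int
    status_name: str
    basic_response: Optional[bytes]   # DER BasicOCSPResponse (the signed part), if any


def parse_ocsp_envelope(der: bytes) -> OcspEnvelope:
    """OCSPResponse ::= SEQUENCE { responseStatus ENUMERATED,
                                   responseBytes [0] EXPLICIT ResponseBytes OPTIONAL }"""
    tag, body, end = _read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("OCSPResponse must be exactly one SEQUENCE")
    tag, val, pos = _read_tlv(body, 0)
    if tag != 0x0A or len(val) != 1:
        raise ValueError("responseStatus must be a one-byte ENUMERATED")
    status = val[0]
    basic = None
    if pos < len(body):                   # optional responseBytes present
        tag, rb, pos = _read_tlv(body, pos)
        if tag != 0xA0 or pos != len(body):
            raise ValueError("expected a single [0] EXPLICIT responseBytes")
        tag, seq, _ = _read_tlv(rb, 0)    # ResponseBytes ::= SEQUENCE { OID, OCTET STRING }
        if tag != 0x30:
            raise ValueError("ResponseBytes must be a SEQUENCE")
        tag, oid, p = _read_tlv(seq, 0)
        if tag != 0x06:
            raise ValueError("responseType must be an OID")
        tag, octets, _ = _read_tlv(seq, p)
        if tag != 0x04:
            raise ValueError("response must be an OCTET STRING")
        if oid == ID_PKIX_OCSP_BASIC:
            basic = octets
    return OcspEnvelope(status, RESPONSE_STATUS.get(status, f"unknown({status})"), basic)


def is_well_formed(der: bytes) -> bool:
    """True if the envelope parses; malformed bytes are never treated as an answer."""
    try:
        parse_ocsp_envelope(der)
        return True
    except ValueError:
        return False


def classify(env: OcspEnvelope) -> str:
    """Fail-closed policy: only a successful status that actually carries a
    BasicOCSPResponse is handed on to signature verification. Every other
    outcome is unauthenticated and yields 'undetermined', never 'good'."""
    if env.status == 0 and env.basic_response is not None:
        return "verify-signed-basic-response"
    return "undetermined-unauthenticated"


# Constructed samples (not captured from any real responder).
SAMPLE_TRY_LATER = bytes.fromhex("30030a0103")               # responseStatus = tryLater
SAMPLE_SUCCESS_EMPTY = bytes.fromhex("30030a0100")           # successful, but no responseBytes
SAMPLE_SUCCESSFUL = bytes.fromhex(
    "3017" "0a0100" "a012" "3010" "06092b0601050507300101" "0403aabbcc")  # aabbcc = placeholder

if __name__ == "__main__":
    for name, der in [("tryLater", SAMPLE_TRY_LATER), ("empty", SAMPLE_SUCCESS_EMPTY),
                      ("successful", SAMPLE_SUCCESSFUL)]:
        env = parse_ocsp_envelope(der)
        print(f"{name:>10}: status={env.status_name:<12} -> {classify(env)}")
```

A client that maps tryLater or a parse failure to "treat the certificate as valid" (soft-fail) is exactly what a hosts-file redirection exploits; the `classify` policy above is the hard-fail alternative, and the price of it is availability, which is why the hard/soft choice has to be made deliberately rather than fall out of an error path.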

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
